Professional Documents
Culture Documents
Product Description
The Juniper Networks® SRX4600 Services Gateway protects mission-critical data
center and campus networks for enterprises, mobile service providers, and cloud
service providers. Designed for high-performance security services architectures,
the SRX4600 protects key corporate IT assets as a next-generation firewall, acts as
an enforcement point for cloud-based security solutions, and provides application
visibility and control to improve the user and application experience.
Product Overview
Integrating networking and security in a single platform, the SRX4600 features
multiple high-speed interfaces, intrusion prevention, advanced threat protection,
The SRX4600 Services Gateway
and authentication, along with high-performance IPsec VPN and Internet gateway
is a high-performance, next-
capabilities. It also offers high scalability, high availability, robust protection,
generation firewall and hardware-
application visibility, user identification, and deep content inspection to provide
accelerated security gateway that unparalleled control over the security infrastructure.
supports the changing needs of
cloud-enabled enterprise and The SRX4600 also acts as a central enforcement point in the Juniper Software-
Defined Secure Network (SDSN) framework, leveraging strong automation and
service provider networks. Whether
actionable intelligence to protect users in a multivendor network environment.
rolling out new services in an
enterprise data center or campus, The SRX4600 is powered by Juniper Networks Junos® operating system, the
connecting to the cloud, complying industry-leading OS that keeps the world’s largest mission-critical enterprise and
with industry standards, deploying service provider networks secure.
distributed security gateways, or Architecture and Key Components
offering high-scale multitenant
The SRX4600 hardware and software architecture provides cost-effective security
security services, the SRX4600
in a small 1 U form factor. Purpose-built to protect network environments and
helps organizations realize their provide Internet Mix (IMIX) firewall throughput up of 75 Gbps, the SRX4600
business objectives while providing incorporates multiple security services and networking functions on top of Junos
scalability, high availability, ease of OS. Best-in-class security and advanced threat mitigation capabilities on the
management, secure connectivity, SRX4600 are offered as 20 Gbps of next-generation firewall, 20 Gbps of intrusion
and advanced threat mitigation prevention system (IPS), and up to 16 Gbps of IPsec VPN in data center, enterprise
capabilities. campus, and regional headquarter deployments with IMIX traffic patterns.
Table 1: SRX4600 Statistics1
Performance SRX4600
Firewall throughput 95 Gbps
Firewall throughput—IMIX 75 Gbps
Firewall throughput with application security 80 Gbps
IPsec VPN throughput—IMIX/1400 B 16/38 Gbps
Intrusion prevention system (IPS) 60 Gbps
NGFW2 throughput 20 Gbps
Connections per second 500,000
Maximum session 60 million
The SRX4600 recognizes more than 3500 applications and nested applications in
plain text or SSL-encrypted transactions. The firewall also integrates with Microsoft
Active Directory and combines user information with application data to provide
network-wide application and user visibility and control.
1
Performance, capacity, and features listed are based on systems running Junos OS 17.4R1-S1 and are measured under ideal testing conditions. Actual
results may vary based on Junos OS releases and by deployments.
2
Next-generation firewall (NGFW) is a combination of advanced features such as application security, IPS, and URLF in addition to the foundational
services such as logging and stateful firewall.
1
SRX4600 Services Gateway
High performance Up to 95 Gbps of firewall • Best suited for enterprise campus and data center edge deployments
throughput (up to 75 Gbps of • Ideal for secure router/VPN concentrator deployments at the head office
IMIX firewall throughput)
• Addresses diverse needs and scale for service provider deployments
High-quality end-user experience Application visibility and control • Detects 3500+ L3-L7 applications, including Web 2.0
• Controls and prioritizes traffic based on application and use role
• Inspects and detects applications inside SSL-encrypted traffic
Advanced threat protection Intrusion prevention system • Provides real-time updates to IPS signatures and protects against exploits
(IPS), antivirus, antispam, threat • Implements industry-leading antivirus and URL filtering
intelligence feeds, Juniper Sky™
• Delivers open threat intelligence platform that integrates with third-party feeds
Advanced Threat Prevention,
Juniper ATP Appliance • Protects against zero-day attacks
• Stops rogue and compromised devices to disseminate malware
Professional-grade networking services Routing, secure wire • Supports carrier-class advanced routing and quality of service (QoS)
Highly secure IPsec VPN • Provides high-performance IPsec VPN with dedicated crypto engine
• Offers diverse VPN options for various network designs, including remote access and
dynamic site-to-site communications
• Simplifies large VPN deployments with auto VPN
• Includes hardware-based crypto acceleration
Highly reliable Chassis cluster, redundant power • Provides stateful configuration and session synchronization
supplies • Supports active/active and active/backup deployment scenarios
• Offers highly available hardware with dual power supply unit (PSU)
Easy to manage and scale On-box GUI, Juniper Networks • Enables centralized management for autoprovisioning, firewall policy management,
Junos Space® Security Director Network Address Translation (NAT), and IPsec VPN deployments
• Includes simple, easy-to-use on-box GUI for local management
2
SRX4600 Services Gateway
3
SRX4600 Services Gateway
Hardware Specifications
Table 3: SRX4600 Hardware Specifications
4
SRX4600 Services Gateway
Overlay (GRE, IP-IP) Included SRX4600-IPS-5 Intrusion Prevention Signature Updates, 5 year,
SRX4600
Network services (J-Flow, DHCP, QoS, BFD) Included
SRX4600-ATP-1 Juniper Sky ATP, 1 year, SRX4600
Stateful firewall, screens, application-level gateways (ALGs) Included
SRX4600-ATP-3 Juniper Sky ATP, 3 year, SRX4600
NAT (static, SNAT, DNAT) Included
SRX4600-ATP-5 Juniper Sky ATP, 5 year, SRX4600
IPsec VPN (site-site VPN, auto VPN, group VPN) Included
SRX4600-ATP-BUN-1 1 year subscription for AppSecure, IPS (IDP),
Firewall policy enforcement (UAC, Aruba CPPM) Included Enhanced Web Filtering (EWF), antivirus, and
Juniper Sky ATP service on SRX4600
Chassis cluster, VRRP, unified ISSU Included
SRX4600-ATP-BUN-3 3 year subscription for AppSecure, IPS (IDP),
Automation (Junos OS scripting, auto-installation) Included
EWF, antivirus, and Juniper Sky ATP service on
General Packet Radio Service (GPRS)/GPRS tunneling Included SRX4600
protocol (GTP)/Stream Control Transmission Protocol
SRX4600-ATP-BUN-5 5 year subscription for AppSecure, IPS (IDP),
(SCTP)
EWF, antivirus, and Juniper Sky ATP service on
Application security (AppID, AppFW, AppQoS, AppRoute) Included SRX4600
Enhanced Web filtering Optional SRX4600-THRTFEED-1 Juniper Sky ATP feeds only, 1 year, SRX4600
NGFW security bundle featuring antispam, antivirus, Optional SRX4600-THRTFEED-3 Juniper Sky ATP feeds only, 3 year, SRX4600
enhanced Web filtering, application security (AppID,
SRX4600-THRTFEED-5 Juniper Sky ATP feeds only, 5 year, SRX4600
AppFW, AppQoS, AppRoute)
IDP updates Optional Service Spares
Juniper Sky Advanced Threat Prevention Optional
Product Number Description
Juniper ATP Appliance Optional
JNP-FAN-1RU Universal fan, 1 U chassis
SRX4600-DC SRX4600 Services Gateway, DC SRX4600-4PST-RMK Rack mount kit, 4-post adjustable for SRX4600
5
SRX4600 Services Gateway
Copyright 2018 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.